But this has a very significant downside. Any yum command which prints the URL's will show the credentials. This likely includes yum commands which can be run by end users.

Consequentially we really can't recommend doing this.

Unfortunately we need to wait for Redhat to fix this issue before authenticated yum repositories will work properly. If you need this feature and you have official Redhat support we would appreciate it if you would request a fix for this. The more people that do this the more likely it is to be addressed.

Update: RHEL 7 does not require the patch above, but still only supports URL encoded credentials: